From 4e820ea09ae8cd755d19f31d6c592f102d1710c4 Mon Sep 17 00:00:00 2001
From: Julian Mutter <julian.mutter@comumail.de>
Date: Sat, 13 Jun 2026 15:20:33 +0200
Subject: [PATCH] Add age key to sops for container usage

---
 .sops.yaml                    |  2 ++
 fdroid/encrypted-config.yml   | 51 ++++++++++++++++++++---------------
 fdroid/encrypted-keystore.p12 | 17 +++++++-----
 3 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index 81814621a..9ae4f7e8f 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,6 +2,7 @@ keys:
   - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
   - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
   - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
+  - &docker-env-var age1qwfnn0gv7mt5dsgy4enew439mgtfd49q46r2gfdqyehpkzx4npcq78a87s
 
 creation_rules:
     - path_regex: fdroid/*
@@ -10,3 +11,4 @@ creation_rules:
         - *primary
         - *aspi-ssh
         - *builder-ssh
+        - *docker-env-var
diff --git a/fdroid/encrypted-config.yml b/fdroid/encrypted-config.yml
index 83b326bec..1dd72836f 100644
--- a/fdroid/encrypted-config.yml
+++ b/fdroid/encrypted-config.yml
@@ -296,33 +296,42 @@ keydname: ENC[AES256_GCM,data:Y3wSx0afY5cU1UTFGhfjkFUfhxfq1QLXJg==,iv:yKm+MRbVjh
 #ENC[AES256_GCM,data:zKniEwAw4Q+i+i4jmjIjyKtbymHpXL7P1roBPRlgi674/VBbgTzu7g==,iv:SyRbw64A7eiMJtjwo4QK90ovbkw5yQUR1mD71FPhc60=,tag:gP4mu7DTwJhXdlggPz0UxQ==,type:comment]
 sops:
     age:
-        - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
-          enc: |
+        - enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsWHkyZHFUcnVkRERzbnhj
-            UnZQb0JvVUtlUnhkME1VZDFPVGgyeFc2TmowCkhWak5RZVh6NXZuRVdaRkpHNHc3
-            WDYyQ25tVWFCenhRUGVncE9hc1ByZXMKLS0tIFpUOWhHMVpGeitQYzBhUisvNmRR
-            eC9pcWFuY2ZHaTFWaGdNR1AvYmFpTncKCjWikMHAI7Mbqh5eUNwCs5BIlLLh5OxE
-            ypwLLQoCECj1BWgJGGEnTVOGSdiRwUMCgWxsJSO/nz+1SbPTp4z0GQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRis5WitnZnBwVm15bXdO
+            cHo2dkdwWDlNMUFOT3Q4SHErL29jY0tTZDI4CmtYVzdCcjZ4ZXl0MTNvdStJNHlH
+            c0Nab2YwNWh2THJzdjJpYjhyVUl6M28KLS0tIGZuWHUxY1lCdUdvYUtCWXpqb3p0
+            WmdGNGVZRGhuWE4rZVJBV1F6aTQ0eDgKkykL55f1wEkE+eMha/c7USjwpsUbJBpA
+            IEy+9awjauMD9pNrBjqhbh2g5xY042ea7dcPaexNVsqauHxzzN4m4g==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
-          enc: |
+          recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
+        - enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNCtLdmovUmJhemtvWHRH
-            RGRLNHdvRGJadXpHdFZhaStWbUxVNGJxOVdrClZydGNYVzlSYnd6RDJJZCtLRzJk
-            TjM3RWV1L254T2MxeElkanJTS0ZFQ2MKLS0tIFluRllablZkRGp5cjR2Tm1wN1hD
-            bDMxT3RqdG1QdVJ5cTlNVHBwd0x0czAKN6VTum88epGjNgA2v887k4/cfUIrZwTC
-            cUGQmPwunrVK5OlwsM4d1xKC39CHWFE/uDeYCl8gADrOG1TcsFvqpA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWEtDNGVDdXNXQktpNlds
+            VlBMZ2NEcDFMMENSUnVUR0YvUUg3clhOOVZZCmxJTGp5UUJvaG05V2Z3NG52SjVG
+            OS8vS0pIeXdlRVdPeVdHV0I5UkNwbG8KLS0tIGIvcUJvdFRxUExhY0cwN3hqV0Ur
+            clhac1BydUk1MEFBdDdFUnFlNzZ5YXcK2UaiG9h9ZBDTfAEmLIS5Zwya60d5G7l4
+            Gn3maQh8+N3iaapsn/waxwMXOUxlvVjBsRBd4z3k5iBHmt1+G23M3g==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
-          enc: |
+          recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
+        - enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTVpSUDFTY0NabFpqT05y
-            THB2bVZ1RFhEejI1NkFEeEs3SjF4TDBaU2pjCnNpQkRVY1BhLzVLWjVML29HanlB
-            QXpzREMyYWkxQTZUbWg2Wk9KMkVkajAKLS0tIGdIa0w1ZFR5UEdydUVYYkVzSmgv
-            SnB5aGptOU5DTklKQVUwaHFTTm00N1kKIDN8J2/Ypw3r1pA7FxCssaFT6wyiB2IR
-            SmgMhts+dAtDIKxASiqAQAt9WJ5IUneqXu2IVF2bdzBHpcr3iXhbzQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzOE9CMTQ2OEw0dG5WVUkz
+            ZWgrR1F6OWR1eXJQblRLOEoreHI5YmZNMkRzClJlRTF6Y3hGRzNGYmU3RC9Rek9Y
+            YWdpWThmMTdkRjIwMnBpb2FwL1ZVejAKLS0tIDRsMHRXblZBUXltRGNqcytrSjlu
+            V1VSWEZ0dC9XdUx6WFRvMUtlSjl5TGMKh+9AIETppAs8PbhyDiIHGhaT+5Nm7qs7
+            hoUlfXSluotltd/a+B/IX0IjME/h7P6akJ9iecJzZfNTqh9ocD4IEw==
             -----END AGE ENCRYPTED FILE-----
+          recipient: age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
+        - enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNHJXRVBsam91cThzaXli
+            K29SS08xRkRZNlJhaDhtZVpzTEJOREdIVzNrClQzdEk4RDhpcFVHdng4S2hpMFBT
+            R2ZPeXRheldwNTl2WDFheDlHdDl1NEkKLS0tIElvWnFqS2Q4NGZJcUlOUG5ESCtV
+            RzdIb0VJT1FaN24wY3hiUHVGaTZaN3cKS1lru+T2GyCLm6WPktEgZyuDnaOMc/ws
+            pPCTcWZHxQCkL7kb/127eDsZJTxGdv8Dyn6PKr2ajlro1lQOwQHuCQ==
+            -----END AGE ENCRYPTED FILE-----
+          recipient: age1qwfnn0gv7mt5dsgy4enew439mgtfd49q46r2gfdqyehpkzx4npcq78a87s
     lastmodified: "2025-10-09T06:24:30Z"
     mac: ENC[AES256_GCM,data:tk5TECa+qYWwoQoOpnY79i4VNdacVNk6p98/yWjK35MCAmK4sHl+GETK+lImh+9FmTrtNzvLZ8mHvAalnpV1CqDTsZqjBRD8snPvpZdn6VgLrTu66C2Ft+FNWnJC1yECoJGE8csa94cHhMaezC/9jpCYnGG2rtaiVr9sfB28olM=,iv:HDDZ5gfFASGzJ5pOYkS/DSgkhFfMc0yeJzxFgTLOjYg=,tag:lmvOIa8oHS/HNA82w01TvQ==,type:str]
     unencrypted_suffix: _unencrypted
diff --git a/fdroid/encrypted-keystore.p12 b/fdroid/encrypted-keystore.p12
index b081f8752..ba3b90d43 100644
--- a/fdroid/encrypted-keystore.p12
+++ b/fdroid/encrypted-keystore.p12
@@ -3,20 +3,25 @@
 	"sops": {
 		"age": [
 			{
-				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxb3QyWWFHZjlvcFMzUFRV\nTVl2NEszNmVEWlNtYUJ0OW54YjUyVjRDeHk0CjM3S2pjUmNma0wrd0xXQ0VEM1Ir\nNXNndFlNUkpjZEUyeHB5dkdwYTcrOUkKLS0tIDBEaWVKZXVRMjlsOWRDdGhnSENY\nQm5EYy9ENGhQNmFsOTE0bFhXTC9IMTgKVNYtDqCUbzY2Q8zn1ub1T7PObImsjAq1\nXQcx6UXomwRz0NzHsLefFHZ+n7FbNzjnnlujkA7ez3vCY71EdRKUCQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSW1EWFFYam1zZ1hjMnk2\nZ1dJWjVtWGgxYzBjYXVqL1MxME43TjZXRkVFCmN4NUxzdVJ6dEdrRTJwY2MzWlF6\ncVE1aWtxK0R0ZW1NK3lPZUNjWmZVZzAKLS0tIEJvZk40bUU1RmFva25Wc3Nsa1Fj\ncWMwRWhKRXRLcHVITFRLVTl0NVlJK1EKDRRcacbVcrl6/0VITguko7ec9dVoOasN\nBFJKCefNCzldoukS9IVpmxH+pBL+Q7awMiqFW1aabfoSRdn2oWoPDQ==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg"
 			},
 			{
-				"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVTNKRDQrb3R2R3lnWjJN\nZitETG9VdWlHNm1rRFpVd2Z2ckNIenA2MlRrCmx1ZVRhZUg0ZVBoYzhPdVhXUG5j\na2FXNUhJWDVuQjNyS0tBbHNQWjZPY3MKLS0tIHUvRU1leklPVkZpSkpJVjZHY1pk\nK05obThKKzdxc3BLcmQ1QWE4RjYvODQK3hIPfDysWC6elB5+EXcAjGay7KAKx40M\nqJzAy7JLviIh/leJDQY/4m0Wx5v6AJtm4Q6RpUcVouPpMD6bDYY4Kg==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUGNVY0FzRmVVMmZUcU1r\nbVVFM2J0aG9qdTNCd1JyWnJiVHcwaCtIM0hVClJmN1NKT2l4TXVvU2ZZczVQMWM0\nZ3dabG05QWlaSU9GR2pFM2tldlBDVUkKLS0tIHhPT0pOUWx4M2ROQkR6T2M0NUlX\nbHBwR1RQUUI3QUt5bE1VWWtLZ3J3RmcKag3xF4PALKFu1N+cmvvdFjnW5k1Dp2vO\n/M/49tcDw7kc9LSkfzQhSJhXUNr+PtJmOinh228PziO/UJJ/d6HnVQ==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4"
 			},
 			{
-				"recipient": "age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WEEzMTFOaW9wKzk0OE56\nMEJuejNCZ29HSnhvUGMyZUtMSmhRUWZZbFRVCjFodmZyekcyUHZ6QXEydStJQS9l\nSjhnWkpiNVpRL1pTbzFGTjhBd2tmWEUKLS0tIG1SRTB0d3E4S3pwRUFhVE9xZlk3\nVWJVMEpLMFNNbGQ2dk1JWWNyRHZPVUkKQ5IuJwMyqgJF8dkgEVJUcRLgQRhizFSJ\nB6qTE+SbjwRmgD5Ua2My4VxdOgXlsNVL8hHxKhGD4NkNC2edRUC+YA==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQ211UDlxTDR4UWxjZG85\nZHJTeFA0OFBsWU5nVSsxZ2RINGpnN3YzMXdvCmpMcnJVRG1SS2JVWUdxU0JGWmpy\ndTRJYUppU01qYmZFVU5RTGd3SHRMKzQKLS0tIHBZZWsvaVQvcmRMd0QvUzNKOWNz\nb3F3eXl4bmo4WjdTY1l2dWMwZ2llZjQKjN3vWtL+9PF39BkyPSqGaPfmyQrgXbDQ\nxObWs6NZqVWyJ+SEx8RvjdQymzbqG5NfQiWPCTR4kkS4/7KWxQxDTw==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja"
+			},
+			{
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWkFYdVROeWplUElxOGtY\nYlRoRkViWEJwdDNOSk5WczRvYWxPMkw2SVVvCnlneWI3VUN4R2E0Si9DWThUblVJ\nVUdoWGpTN0dldFUxMktPSTZIaXRmUjQKLS0tIGVwWWVqMW9NWTBzejlUWGFpY3NR\najRjc3pjRGhWOENKRFczQUtVcE8va1EKSZnqNhNcbD89iQi3he00TXfx9rw4HXNt\nZs3JnZOigvnZv2G0BwHD+TEeSbw3haS/2v65LMNhifsVVO/CZZrHOw==\n-----END AGE ENCRYPTED FILE-----\n",
+				"recipient": "age1qwfnn0gv7mt5dsgy4enew439mgtfd49q46r2gfdqyehpkzx4npcq78a87s"
 			}
 		],
 		"lastmodified": "2025-10-09T06:24:12Z",
 		"mac": "ENC[AES256_GCM,data:uN3S6ttwLzX9If39NfoNRgrSzNjU7Ieym+yM1TJGNgHU545QDghPlar0EYRkbNpCucEQb0qANI6GUja51JTnNIJcMRET8VmvT3JXAVKV+4vB1X+j3Pq9/2IWg5UMXw+JKAT7eVbCsjxmJ7zh+XAC//wztbzUnT6fRvDCInQ52Fw=,iv:C9RjR3uuj/VG3fc/maTqJSSTt+iA82CYas0JS1I13CI=,tag:/h5+xMZgC3cn8aG+qyO2qA==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
 		"version": "3.11.0"
 	}
 }